Vulnerabilities > Ibexa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2020-23065 | Cross-site Scripting vulnerability in Ibexa Ezpublish Legacy and Ezpublish Platform Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. | 5.4 |
| 2023-03-12 | CVE-2021-46875 | Cross-site Scripting vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. | 6.1 |
| 2023-03-12 | CVE-2021-46876 | Unspecified vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. | 5.3 |
| 2023-03-12 | CVE-2022-48365 | Improper Privilege Management vulnerability in Ibexa Digital Experience Platform and EZ Platform Kernel An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. | 7.2 |
| 2023-03-12 | CVE-2022-48366 | Race Condition vulnerability in Ibexa products An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. | 3.7 |
| 2023-03-12 | CVE-2022-48367 | Missing Authorization vulnerability in Ibexa products An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. | 9.8 |
| 2022-11-10 | CVE-2022-41876 | Insecure Storage of Sensitive Information vulnerability in Ibexa Ezplatform-Graphql 2.0.0 ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. | 5.3 |
| 2022-02-18 | CVE-2022-25336 | Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | 5.3 |
| 2022-02-18 | CVE-2022-25337 | Injection vulnerability in Ibexa EZ Platform Kernel Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 6.8 |